Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 1.11.0 #113

Merged
merged 19 commits into from
Jun 28, 2024
Merged

Release 1.11.0 #113

merged 19 commits into from
Jun 28, 2024

Conversation

DennisDyallo
Copy link
Collaborator

@DennisDyallo DennisDyallo commented Jun 28, 2024
edited
Loading

This merges the changes from the 1.11 release into the develop branch.

1.11.0 Release

Release date: June 28th, 2024

This release introduces significant enhancements and new features for the latest YubiKeys, including support for
firmware version 5.7, which allows for temporary disabling of NFC connectivity and checking PIN complexity status.
It also expands RSA key support in PIV to 3072 and 4096-bit keys, and includes improvements for YubiKey Bio and
Multi-Protocol Edition keys.
Additionally, there are optimizations in USB reclaim speed and adjustments to the touch sensor sensitivity and a few bug
fixes.
Several command classes have been deprecated due to changes in how device info is read by the SDK, and integration test
guardrails have been implemented for better security.

Features:

  • Support for YubiKeys with the latest firmware (version 5.7):
    • NFC connectivity can now be temporarily disabled with SetIsNfcRestricted() (#91).
    • Additional property pages on the YubiKey are now read into YubiKeyDeviceInfo (#92).
    • PIN complexity status can be checked with IsPinComplexityEnabled (#92).
    • PIN complexity specific error messages and exceptions (#112).
    • The set of YubiKey applications that are capable of being put into FIPS mode can be retrieved with FipsCapable. The set of YubiKey applications that are in FIPS mode can be retrieved with FipsApproved (#92).
    • The part number for a key’s Secure Element processor, if available, can be retrieved with PartNumber (#92).
    • The set of YubiKey applications that are blocked from being reset can be retrieved with ResetBlocked (#92).
    • PIV: 3072 and 4096 RSA keys can now be generated and imported (#100).
    • PIV: Keys can be moved between the different slots on the YubiKey. Any key except the attestation key can be moved from one slot to another (#103).
  • Support for YubiKey Bio/Bio Multi-Protocol Edition keys:
    • Get bio metadata (#108)
    • Added new verification policy enum values (PIN_OR_MATCH_ONCE, PIN_OR_MATCH_ALWAYS) (#108)
    • Bio user verification (#108)
    • Device Reset (#110)
  • The USB reclaim speed, which controls the time it takes to switch from one YubiKey application to another, has been reduced for compatible YubiKeys. To use the previous 3-second reclaim timeout for all keys, see UseOldReclaimTimeoutBehavior (#93).
  • The sensitivity of the YubiKey’s capacitive touch sensor can now be temporarily adjusted with SetTemporaryTouchThreshold (#95).

Bug fixes:

  • Update ManagementKeyAlgorithm on PIV Application reset (#105).
  • Queue macOS input reports so that large responses aren't dropped (#84).
  • Default back to old SCardConnect behavior. Reverts the change in behavior to open smart card handles exclusively. Instead now defaults back to shared like it was before, but allows for applications to toggle between the new and old behavior through the use of AppContext.SetSwitch (#83).

Miscellaneous:

  • The way that YubiKey device info is read by the SDK has changed, and as a result, the following GetDeviceInfo command classes have been deprecated (#91):
    • Yubico.YubiKey.Management.Commands.GetDeviceInfoCommand
    • Yubico.YubiKey.Otp.Commands.GetDeviceInfoCommand
    • Yubico.YubiKey.U2f.Commands.GetDeviceInfoCommand
    • Yubico.YubiKey.Management.Commands.GetDeviceInfoResponse
    • Yubico.YubiKey.Otp.Commands.GetDeviceInfoResponse
    • Yubico.YubiKey.U2f.Commands.GetDeviceInfoResponse
  • The correct certificate OID friendly names are now used for ECDsaCng (nistP256) and ECDsaOpenSsl (ECDSA_P256) (#78).
  • Integration test guardrails have been added to ensure tests are done only on specified keys. (#100).
  • Fixed build issue when compiling Yubico.NativeShims on MacOS (#109).
  • Run unit tests on all platforms in CI (#80).

Dependencies:

  • Update xUnit and Microsoft.NET.Test.Sdk (#94).

@DennisDyallo DennisDyallo changed the title Merge release 1.11 Release 1.11.0 Jun 28, 2024
@DennisDyallo DennisDyallo deleted the merge/release/1.11 branch June 28, 2024 18:40
@DennisDyallo DennisDyallo restored the merge/release/1.11 branch June 28, 2024 18:41
@DennisDyallo DennisDyallo reopened this Jun 28, 2024
@DennisDyallo DennisDyallo merged commit b899b06 into develop Jun 28, 2024
@DennisDyallo DennisDyallo deleted the merge/release/1.11 branch June 28, 2024 19:09
@github-actions GitHub Actions
Copy link

Code Coverage

Package Line Rate Branch Rate Complexity Health
Yubico.Core 42% 31% 4257
Yubico.YubiKey 50% 47% 19089
Summary 49% (31990 / 65940) 44% (8185 / 18519) 23346

Minimum allowed line rate is 40%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
release
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DennisDyallo @AdamVe